Configuring Nat444 Alarm Logging; Enabling Sending Icmp Error Messages For Nat Failures - HPE FlexNetwork MSR Series Comware 7 Layer 3 - Ip Services Configuration Manuals

Step

Configuring NAT444 alarm logging

If the public IP addresses, port blocks, or ports in selected port blocks (including extended ones) are
all occupied, the NAT444 gateway cannot perform address translation and packets will be dropped.
To monitor the usage of public IP addresses and port block resources, you can configure NAT444
alarm logging.
A NAT444 gateway generates alarm logs when one of the following occurs:
•
The ports in the selected port block of a static NAT444 mapping are all occupied.
•
The ports in the selected port blocks (including extended ones) of a dynamic NAT444 mapping
are all occupied.
•
The public IP addresses and port blocks for dynamic NAT444 mappings are all assigned.
Before configuring NAT444 alarm logging, you must configure the custom NAT444 log generation
and outputting features. For more information, see Network Management and Monitoring
Configuration Guide.
To configure NAT444 alarm logging:
Step
1. Enter system view.
2. Enable NAT logging.
3. Enable NAT444 alarm
logging.
Enabling sending ICMP error messages for NAT
failures
Disabling sending ICMP error messages for NAT failures reduces useless packets, saves bandwidth,
and avoids exposing the firewall IP address to the public network.
This feature is required for traceroute.
To enable sending ICMP error messages for NAT failures:
Step
1. Enter system view.
2. Enable sending ICMP
error messages for NAT
failures.
Command
Command
system-view
nat log enable [ acl { ipv4-acl-number
| name ipv4-acl-name } ]
nat log alarm
Command
system-view
nat icmp-error reply
156
Remarks
withdrawal.
Remarks
N/A
By default, NAT logging is
disabled.
The acl keyword does not take
effect on NAT444 alarm logging.
By default, NAT444 alarm logging
is disabled.
Remarks
N/A
By default, no ICMP error
messages are sent for NAT
failures.